Make WordPress Core

Opened 3 months ago

Last modified 5 weeks ago

#57865 new task (blessed)

GitHub Actions updates and improvements for 6.3

Reported by: desrosj
Owned by:
Milestone: 6.3
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords: has-patch
Focuses:
Cc:

Description (last modified by SergeyBiryukov)

This ticket is for various updates and improvements for Core's GitHub Actions workflows.

Previously:

Change History (6)

#1 @johnbillion
5 weeks ago

In 55715:

Build/Test Tools: Restrict the permissions granted to jobs on GitHub Actions

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Props desrosj, johnbillion

See #57865

#2 @SergeyBiryukov
5 weeks ago

  • Description modified (diff)

#3 This ticket was mentioned in PR #4421 on WordPress/wordpress-develop by @johnbillion.
5 weeks ago

  • Keywords has-patch added

Trac ticket: https://core.trac.wordpress.org/ticket/57865

The GitHub Actions workflows are all failing after https://core.trac.wordpress.org/changeset/55715 because the Slack notifications workflows are not being granted the permissions that they require.

Example failing workflow run: https://github.com/WordPress/wordpress-develop/actions/runs/4877036459

The workflow is not valid. .github/workflows/coding-standards.yml (Line: 172, Col: 3): Error calling workflow 'WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk'. The nested job 'Prepare notifications' is requesting 'actions: read, contents: read', but is only allowed 'actions: none, contents: none'.

#4 @johnbillion
5 weeks ago

In 55717:

Build/Test Tools: Fix the permissions that are granted to the Slack notifications workflow.

Follow-up to [55715].

See #57865
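
An added illustration, not taken from the ticket or from the WordPress workflows: a caller workflow that denies all token permissions by default and then grants the reusable Slack notifications workflow exactly the two scopes named in the error message above. The workflow name, the lint job and its steps are constructed for the example, and any inputs or secrets the real slack-notifications.yml expects are omitted.

```yaml
# Constructed caller workflow; not the contents of coding-standards.yml.
name: Example caller

on: [push]

# Deny-by-default: with an empty map, every scope on GITHUB_TOKEN is "none"
# unless a job below opts in. This is the restriction that limits what a
# compromised step or dependency can do with the token.
permissions: {}

jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # enough to check out the repository
    steps:
      - uses: actions/checkout@v3
      - run: echo "placeholder for the real lint step"

  # BEFORE (fails validation): the calling job inherits the empty
  # workflow-level grant, so the nested job's request for
  # 'actions: read, contents: read' exceeds 'actions: none, contents: none'.
  # A called workflow can only keep or reduce the caller's permissions,
  # never raise them, and the whole workflow is rejected as "not valid".
  #
  # slack-notifications:
  #   uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
  #   needs: [ lint ]

  # AFTER: the calling job grants only the scopes the nested job requests.
  slack-notifications:
    uses: WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk
    needs: [ lint ]
    if: ${{ always() }}
    permissions:
      actions: read         # requested by the nested 'Prepare notifications' job
      contents: read        # requested by the nested 'Prepare notifications' job
```

Because the mismatch is caught when the workflow file is validated, none of the jobs in the caller run until the grant is corrected, which is why every workflow that called the notifications workflow failed at once.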

#6 @johnbillion
5 weeks ago

  • Type changed from defect (bug) to task (blessed)